The message, which appears to be written in Norwegian, roughly translates to:

Hey Man,

I do not know how to say it, but I have tried for a long time to send you some pictures, but I've been thinking that you are not interested in seeing me.But now I'll send you pictures in the attachment.Download the images and extract them, I'm sure that you will like them. The password is: 123456

Have a great day.

The attached file, named Image123.zip, is encrypted - presumably in an attempt to avoid detection by weaker anti-virus products - but the email message contains the password to unlock the ZIP and reveal the malware to you.

Of course, an attack like this is only likely to trick users who speak Norwegian (or its close linguistic neighbour Danish), but you can imagine how a message claiming to come from a Facebook or Hi5 friend might trick some people into checking out what hides behind the ZIP without thinking.

Close, but no cigar. They are still struggling with the language barrier.
I don't know if it's the e-mail client, but the Norwegian characters (øæå) have been converted to something else. So you got about 6 words in there that’s just rubbish.(http://en.wikipedia.org/wiki/Danish_and_Norwegian_alphabet)

And the e-mail is definitively written using an automated translator. The content is awkwardly written at best, and some of it doesn’t make sense, or isn’t really something you can write or say, eg:

“but I have tried for a long time” directly translates into “men jeg har prøvd for en lang tid”, and you can’t really say or write that in Norwegian at all.
It also asks you to “pull the files out”, not extract or unpack (which makes no sense).

I got the same message to the other, and the grammar was wrong. And because I do not have facebook, I opened the message. Fortunately. This topic has come to me 8/28/2011. Fortunately, the message discovers that it has made ​​to the translator. Text like this, so forgive the grammatical errors. Sincerely Tommi.V Finland

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley